Graylog vs ManageEngine EventLog Analyzer vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Graylog is 6.6%, up from 5.7% compared to the previous year. The mindshare of ManageEngine EventLog Analyzer is 0.8%, down from 1.2% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.4%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Featured Reviews

Andrey Mostovykh - PeerSpot reviewer
Real-time analysis, easy setup, and open source
We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.
Md Abdul Hakim - PeerSpot reviewer
Efficient log management enhances activity monitoring despite VPN user issue
Last month, we faced an issue with a Hawaiian VPN user activity. It's like a Fortinet device configured for VPN users. When a VPN user logs in, it doesn't really capture the time before this. If you're testing with existing or new device integration, then the product will be good in the market.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk also has a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"The ability to write custom alerts is key to information security and compliance."
"Message forwarding through the in-built module."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Real-time UDP/GELF logging and full text-based searching."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"It is stable."
"The reporting features are noteworthy, as they provide templates that streamline the process of generating reports."
"ManageEngine EventLog Analyzer is easy to gather reports to give to management. My supervisor has access to the solution and he enjoys the graphs."
"The tool's reports show activities."
"The support system is very good."
"It's one of the easiest products. It's very simple to use."
"I have made use of technical support and am certainly very satisfied with them."
"The user interface is very good."
"This is a straightforward solution, easy to configure."
"We have created a few custom use cases for Splunk that have helped us detect threats faster. For example, we set up endpoint-related data models and specialized setups for various scenarios. It's more efficient than some other products I've used."
"It has the ability to correlate data, analyze and review it."
"You can check up on security from the dashboards."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"Its integration is most valuable. Its UI is also pretty much easy."
"The dashboard is amazing. Out-of-the-box dashboard is very good. It is very user-friendly."
"Visualizations helped the organisation with a better understanding of its KPIs."
 

Cons

"Its scalability gets complicated when we have to update or edit multiple nodes."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"There should be some user groups and an auto sign-in feature."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Graylog can improve the index rotation as it's quite a complex solution."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"I would like to see more detailed reports."
"The solution is stable. However, there are limits. For example, we can do 2,500 Syslog events per second, but if we want to do more we have to install the distributor structure, and then we can expand how many events we can do. They could improve the stability."
"There's a lot to improve in terms of connectivity. Currently, we're utilizing it across various infrastructures and environments, including others' cloud. However, connecting it to our infrastructure and integrating it with some of our SMAX solutions poses difficulties."
"Last month, we faced an issue with a Hawaiian VPN user activity."
"The scalability is limited."
"The first tier of customer service and support is not great."
"There isn't good security integration when it comes to cybersecurity. The correlation of logs isn't so simple."
"Last month, we faced an issue with a Hawaiian VPN user activity. It's like a Fortinet device configured for VPN users."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"This solution could be improved by better pricing in general and by easier installation."
"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"An improved user interface along with multi-tenancy support would be beneficial."
"You do need a lot of training and certification with this product."
"Splunk is more expensive than other solutions."
 

Pricing and Cost Advice

"We are using the free version of the product. However, the paid version is expensive."
"You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog."
"Having paid official support is wise for projects."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"Consider Enterprise support if you have atypical needs or setup requirements."
"I use the free version of Graylog."
"ManageEngine EventLog Analyzer is expensive. Its licensing costs are annual."
"Licensing for ManageEngine EventLog Analyzer is paid yearly."
"We paid for the license of the solution and the deployment. The price of ManageEngine EventLog Analyzer is less expensive than other solutions."
"There is a yearly subscription for the solution."
"There is a license required for these solutions. The customer can choose the license type, such as an annual license purchase or a perpetual license. If the customer wants maintenance they will have to pay annually."
"ManageEngine EventLog Analyzer is a low-cost solution. It costs approximately $1,000 per month per server for a perpetual license."
"I think the price could be improved."
"Its price is fair. Like with anything else, if you go into the cloud, different providers cost more, and you are able to throttle back or throttle up. The cost is comparable with anything else."
"Splunk has always been on the expensive side."
"The license for Splunk Enterprise Security is expensive."
"The pricing is a little bit on the higher side, but looking at what Splunk provides us, it is reasonable."
"While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."
"Its pricing model can be improved."
"The price of Splunk is reasonable."
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews

Computer Software Company: 18%
Comms Service Provider: 10%
Government: 7%
Educational Organization: 7%

Computer Software Company: 20%
Government: 9%
Healthcare Company: 7%
Manufacturing Company: 7%

Financial Services Firm: 15%
Computer Software Company: 14%
Manufacturing Company: 8%
Government: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
We are using the free version of the product. However, the paid version is expensive.
What needs improvement with Graylog?
When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the doc...
What do you like most about ManageEngine EventLog Analyzer?
The reporting features are noteworthy, as they provide templates that streamline the process of generating reports.
What needs improvement with ManageEngine EventLog Analyzer?
Last month, we faced an issue with a Hawaiian VPN user activity. It's like a Fortinet device configured for VPN users...
What is your primary use case for ManageEngine EventLog Analyzer?
I find this solution useful for IT devices as a live stream to work with Syshun, serving as both the router and the t...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitor...
 

Also Known As

Graylog2
EventLog Analyzer
No data available
 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Moody National Bank, EnCircle, Goldleaf Financial Solutions, Inc, IBM, Ernst & Young, Micro Linear, Silverbeck-Rymer Solicitors, Provincial Court of British Columbia, Eleventh Judicial Circuit of Florida, OGILVY & MATHER, E! Entertainment, Tribune-Review Publishing Co.
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Wazuh, Splunk, Datadog and others in Log Management. Updated: March 2025.
848,716 professionals have used our research since 2012.